Multi-device port authentication configuration, Table 55 – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Multi-device port authentication configuration

If neither of these VSAs exists in a device profile on the RADIUS server, then by default the device
is subject to multi-device port authentication (if configured), followed by 802.1X authentication (if
configured). The RADIUS record can be used for both multi-device port authentication and 802.1X
authentication.

Configuration examples are shown in “Examples of multi-device port authentication and 802.1X authentication configuration on the same port” on page 263.

Multi-device port authentication configuration

Configuring multi-device port authentication on the Brocade device consists of the following tasks:

Enabling multi-device port authentication globally and on individual interfaces

Specifying the format of the MAC addresses sent to the RADIUS server (optional)

Specifying the authentication-failure action (optional)

Enabling and disabling SNMP traps for multi-device port authentication

Defining MAC address filters (optional)

Configuring dynamic VLAN assignment (optional)

Dynamically Applying IP ACLs to authenticated MAC addresses

Enabling denial of service attack protection (optional)

TABLE 55  Brocade vendor-specific attributes for RADIUS

| Attribute name | Attribute ID | Data type | Description |
|---|---|---|---|
| Foundry-802_1x-enable | 6 | integer | Specifies whether 802.1X authentication is performed when multi-device port authentication is successful for a device. This attribute can be set to one of the following: 0 - Do not perform 802.1X authentication on a device that passes multi-device port authentication. Set the attribute to zero for devices that do not support 802.1X authentication. 1 - Perform 802.1X authentication when a device passes multi-device port authentication. Set the attribute to one for devices that support 802.1X authentication. |
| Foundry-802_1x-valid | 7 | integer | Specifies whether the RADIUS record is valid only for multi-device port authentication, or for both multi-device port authentication and 802.1X authentication. This attribute can be set to one of the following: 0 - The RADIUS record is valid only for multi-device port authentication. Set this attribute to zero to prevent a user from using their MAC address as username and password for 802.1X authentication. 1 - The RADIUS record is valid for both multi-device port authentication and 802.1X authentication. |
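The following audit sketch is an added example, not taken from the Brocade manual. It scans RADIUS device profiles for MAC-as-credential records that remain usable for 802.1X, either because Foundry-802_1x-valid is set to 1 or because neither VSA is present. The FreeRADIUS-style users layout, the accepted MAC formats, and the sample records are assumptions constructed for illustration.

```python
import re

# Constructed sample in a FreeRADIUS-style "users" layout (an assumption; the
# page does not say which RADIUS server or file format is in use).
SAMPLE_USERS = '''\
0012f2a1b2c3 Cleartext-Password := "0012f2a1b2c3"
    Foundry-802_1x-enable = 0,
    Foundry-802_1x-valid = 0

0012f2d4e5f6 Cleartext-Password := "0012f2d4e5f6"
    Foundry-802_1x-enable = 1,
    Foundry-802_1x-valid = 1

0012f2778899 Cleartext-Password := "0012f2778899"

alice Cleartext-Password := "correct horse"
    Foundry-802_1x-valid = 1
'''

# Common MAC spellings (assumed): xxxxxxxxxxxx, xxxx.xxxx.xxxx, xx-xx-.. / xx:xx:..
MAC_RE = re.compile(r"^(?:[0-9a-f]{12}|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}|[0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})$", re.I)
HEAD_RE = re.compile(r'^(\S+)\s+Cleartext-Password\s*:=\s*"([^"]*)"')
VSA_RE = re.compile(r"(Foundry-802_1x-(?:enable|valid))\s*:?=\s*(\d+)")

def parse_profiles(text):
    """Split the file into records: a header line plus indented reply items."""
    profiles = []
    for line in text.splitlines():
        head = HEAD_RE.match(line)
        if head:
            profiles.append({"user": head.group(1), "password": head.group(2), "vsas": {}})
        elif profiles and line[:1].isspace():
            for name, value in VSA_RE.findall(line):
                profiles[-1]["vsas"][name] = int(value)
    return profiles

def audit(text):
    """Return {mac: reason} for MAC profiles not restricted to MAC authentication."""
    findings = {}
    for p in parse_profiles(text):
        # A MAC-auth profile uses the MAC address as both username and password.
        if not (MAC_RE.match(p["user"]) and p["user"] == p["password"]):
            continue
        valid = p["vsas"].get("Foundry-802_1x-valid")
        if valid == 1:
            findings[p["user"]] = "Foundry-802_1x-valid = 1: record also valid for 802.1X"
        elif valid is None and not p["vsas"]:
            findings[p["user"]] = "neither VSA present: by default record is usable for 802.1X"
        elif valid is None:
            findings[p["user"]] = "Foundry-802_1x-valid absent: default not stated, review"
    return findings
```

Profiles that set Foundry-802_1x-valid to 0 produce no finding, and ordinary user accounts such as the constructed `alice` record are skipped because they are not MAC-as-credential records.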
